Now that the Kubernetes cluster is provisioned and you have a set of containers running, the ongoing DevOps workflow will be to write code locally, push that to GitHub into the config or code directories, and that in turn will start a job to rebuild the container images with the versioned code. These images are in turn pushed to the private Docker registry, and pulled to run on the pods.
Push updates to the config directory. The pipeline will detect changes and initiate a base image rebuild, and then another build on top for the code files.
Push updates to the code directory. The pipeline will detect changes and initiate a custom image rebuild.
As container images are built and pushed to the IBM Cloud Container Registry, they are automatically scanned by the Vulnerability Advisor.
You can see whether there are any vulnerabilities in your images by listing the images:
bx cr imagesIf any of them are listed as Vulnerable you can then see the specific issues with:
bx cr va $IMAGE_NAME